package org.wso2.carbon.server;

import java.security.Principal;
import java.util.Arrays;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.user.api.UserRealmService;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.CarbonContextHolder;

/* loaded from: input_file:org/wso2/carbon/server/CarbonTomcatRealm.class */
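/**
 * Tomcat realm that delegates authentication and role checks to the Carbon user realm
 * service obtained from {@link OSGiEnvironmentDataHolder}.
 *
 * <p>Login names may carry a tenant suffix ({@code user@tenant.domain}). The text after the
 * <em>last</em> {@code '@'} is treated as the tenant domain and the text before it as the
 * tenant-aware user name, so the tenant-isolation check, the user-store lookup and the role
 * lookup all agree on the same split, including for e-mail style user names.
 *
 * <p>Password retrieval and digest authentication are deliberately unsupported: the
 * corresponding methods throw {@link IllegalStateException}.
 */
public class CarbonTomcatRealm extends RealmBase {
    private static final Log log = LogFactory.getLog(CarbonTomcatRealm.class);

    /**
     * Per-thread switch; when TRUE, {@link #authenticate(String, String)} skips the check that
     * the login's tenant domain matches the tenant domain of the current Carbon context.
     *
     * <p>NOTE(review): nothing in this class resets the flag after {@link #enableSaaS()}. If the
     * calling thread is pooled and reused, the flag would presumably stay TRUE for later
     * requests served by that thread, which would disable the tenant check for them as well.
     * Confirm that the caller sets or clears it on every request.
     */
    private static final ThreadLocal<Boolean> isSaaSEnabled = new ThreadLocal<Boolean>() {
        @Override
        protected Boolean initialValue() {
            return Boolean.FALSE;
        }
    };

    /**
     * Returns the tenant domain carried by a login name.
     *
     * @param userName login name, must not be null
     * @return the text after the last {@code '@'}, or {@code null} when there is no {@code '@'}
     */
    private static String extractTenantDomain(String userName) {
        int separator = userName.lastIndexOf('@');
        return separator == -1 ? null : userName.substring(separator + 1);
    }

    /**
     * Returns the login name without its trailing {@code @tenantDomain} suffix.
     *
     * @param userName login name, must not be null
     * @return the text before the last {@code '@'}, or the whole name when there is no {@code '@'}
     */
    private static String stripTenantDomain(String userName) {
        int separator = userName.lastIndexOf('@');
        return separator == -1 ? userName : userName.substring(0, separator);
    }

    /**
     * Neutralises CR and LF in a caller-supplied value before it is written to the log, so the
     * value cannot start a forged log record.
     */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Principal returned for an authenticated Carbon user. Role membership is resolved on
     * demand from the user store of the tenant named in the login.
     */
    public static class GenericCarbonPrincipal extends GenericPrincipal {
        /** Tenant domain taken from the login name; {@code null} when the name has no '@'. */
        private final String tenantDomain;

        /**
         * @param str full login name, optionally suffixed with {@code @tenantDomain}
         */
        public GenericCarbonPrincipal(String str) {
            // The password slot is left null on purpose: this realm never keeps credentials.
            super(str, (String) null);
            this.tenantDomain = extractTenantDomain(str);
        }

        /**
         * Always fails; credentials are never held by this principal.
         *
         * @throws IllegalStateException always
         */
        public String getPassword() {
            throw new IllegalStateException("When CarbonTomcatRealm is in operation this method Principal.getPassword() should never be called");
        }

        /**
         * Checks whether the user currently holds the given role in the tenant's user store.
         *
         * @param str role name to look for
         * @return {@code true} only when the role list returned by the user store contains
         *         {@code str}; {@code false} for a null role, a null role list, or when the
         *         lookup fails (the check fails closed and the error is logged)
         */
        public boolean hasRole(String str) {
            if (str == null) {
                return false;
            }
            try {
                UserRealmService realmService = OSGiEnvironmentDataHolder.getUserRealmService();
                int tenantId = realmService.getTenantManager().getTenantId(this.tenantDomain);
                String[] roles = realmService.getTenantUserRealm(tenantId).getUserStoreManager()
                        .getRoleListOfUser(stripTenantDomain(this.name));
                if (roles == null) {
                    return false;
                }
                // Linear scan instead of sort + binary search: the array belongs to the user
                // store and must not be reordered in place by a read-only check.
                for (String role : roles) {
                    if (str.equals(role)) {
                        return true;
                    }
                }
                return false;
            } catch (UserStoreException e) {
                CarbonTomcatRealm.log.error("Cannot check role", e);
                return false;
            }
        }
    }

    /**
     * Marks the current thread as SaaS-enabled, which makes
     * {@link #authenticate(String, String)} skip the tenant-domain check on this thread.
     */
    public void enableSaaS() {
        isSaaSEnabled.set(Boolean.TRUE);
    }

    /**
     * @return the simple class name of this realm
     */
    protected String getName() {
        return getClass().getSimpleName();
    }

    /**
     * Always fails; this realm never reads passwords back from the user store.
     *
     * @throws IllegalStateException always
     */
    protected String getPassword(String str) {
        throw new IllegalStateException("When CarbonTomcatRealm is in operation this method getPassword(String) should never be called");
    }

    /**
     * Eight-argument authentication entry point; per the message below this is the digest
     * variant, which is rejected outright.
     *
     * @throws IllegalStateException always
     */
    public Principal authenticate(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
        throw new IllegalStateException("Carbon doesn't use MD5 hashes. Can't do digest authentication");
    }

    /**
     * Authenticates a login against the user store of the tenant named in the login.
     *
     * <p>Unless SaaS mode is enabled on the current thread, a login whose tenant suffix differs
     * from the tenant domain of the current Carbon context is rejected and logged.
     *
     * @param str  login name, optionally suffixed with {@code @tenantDomain}
     * @param str2 credential handed to the user store
     * @return the authenticated principal, or {@code null} when the login is missing, is
     *         rejected by the tenant check, or the user store does not accept the credential
     * @throws RuntimeException wrapping the {@link UserStoreException} when the user store
     *         cannot be queried
     */
    public Principal authenticate(String str, String str2) {
        // A missing user name or credential is an authentication failure, not a crash.
        if (str == null || str2 == null) {
            return null;
        }
        String requestedDomain = extractTenantDomain(str);
        if (!isSaaSEnabled.get().booleanValue()) {
            String tenantDomain = CarbonContextHolder.getCurrentCarbonContextHolder().getTenantDomain();
            // NOTE(review): a login without '@' skips this check and is resolved through
            // getTenantId(null) below; which tenant that maps to is not visible here.
            // Confirm that this is the intended behaviour for tenant-hosted applications.
            if (requestedDomain != null && !requestedDomain.equals(tenantDomain)) {
                if (tenantDomain == null || tenantDomain.trim().length() == 0) {
                    tenantDomain = "0";
                }
                // The user name is attacker-controlled; strip line breaks before logging it.
                log.warn("Illegal access attempt by " + sanitizeForLog(str) + " to secured resource hosted by tenant " + tenantDomain);
                return null;
            }
        }
        try {
            UserRealmService userRealmService = OSGiEnvironmentDataHolder.getUserRealmService();
            int tenantId = userRealmService.getTenantManager().getTenantId(requestedDomain);
            boolean authenticated = userRealmService.getTenantUserRealm(tenantId).getUserStoreManager()
                    .authenticate(stripTenantDomain(str), str2);
            return authenticated ? getPrincipal(str) : null;
        } catch (UserStoreException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * @param str full login name, optionally suffixed with {@code @tenantDomain}
     * @return a new {@link GenericCarbonPrincipal} for that login
     */
    protected Principal getPrincipal(String str) {
        return new GenericCarbonPrincipal(str);
    }
}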
